Debian DSA-3629-1 : ntp - security update

high Nessus Plugin ID 92571

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs :

 - CVE-2015-7974 Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers.

 - CVE-2015-7977 CVE-2015-7978 Stephen Gray discovered that a NULL pointer dereference and a buffer overflow in the handling of 'ntpdc reslist' commands may result in denial of service.

 - CVE-2015-7979 Aanchal Malhotra discovered that if NTP is configured for broadcast mode, an attacker can send malformed authentication packets which break associations with the server for other broadcast clients.

 - CVE-2015-8138 Matthew van Gundy and Jonathan Gardner discovered that missing validation of origin timestamps in ntpd clients may result in denial of service.

 - CVE-2015-8158 Jonathan Gardner discovered that missing input sanitising in ntpq may result in denial of service.

 - CVE-2016-1547 Stephen Gray and Matthew van Gundy discovered that incorrect handling of crypto NAK packets may result in denial of service.

 - CVE-2016-1548 Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients could be forced to change from basic client/server mode to interleaved symmetric mode, preventing time synchronisation.

 - CVE-2016-1550 Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered that timing leaks in the packet authentication code could result in recovery of a message digest.

 - CVE-2016-2516 Yihan Lian discovered that duplicate IPs on 'unconfig' directives will trigger an assert.

 - CVE-2016-2518 Yihan Lian discovered that an OOB memory access could potentially crash ntpd.

Solution

Upgrade the ntp packages.

For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2.

See Also

https://security-tracker.debian.org/tracker/CVE-2015-7974

https://security-tracker.debian.org/tracker/CVE-2015-7977

https://security-tracker.debian.org/tracker/CVE-2015-7978

https://security-tracker.debian.org/tracker/CVE-2015-7979

https://security-tracker.debian.org/tracker/CVE-2015-8138

https://security-tracker.debian.org/tracker/CVE-2015-8158

https://security-tracker.debian.org/tracker/CVE-2016-1547

https://security-tracker.debian.org/tracker/CVE-2016-1548

https://security-tracker.debian.org/tracker/CVE-2016-1550

https://security-tracker.debian.org/tracker/CVE-2016-2516

https://security-tracker.debian.org/tracker/CVE-2016-2518

https://packages.debian.org/source/jessie/ntp

https://www.debian.org/security/2016/dsa-3629

Plugin Details

Severity: High

ID: 92571

File Name: debian_DSA-3629.nasl

Version: 2.17

Type: local

Agent: unix

Published: 7/27/2016

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.7

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:ntp, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 7/25/2016

Vulnerability Publication Date: 1/26/2016

Reference Information

CVE: CVE-2015-7974, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518

DSA: 3629